Request for generic engine support
John Dickinson
jad at jadickinson.co.uk
Fri May 9 14:42:40 EST 2008
On 9 May 2008, at 03:36, Mccue, Richard Alan wrote:
>
>> How do you feel about PKCS#11 ?
>
> I'm not sure the device I'm working with fits well with the PKCS#11
> token interface. The device is a little more complicated than a
> smartcard. It can handle multiple private keys. If a dozen apps all
> have different private RSA keys, each app can load its key
> separately and have the device encrypt/decrypt with it. PKCS#11 is
> on my list of things to investigate more deeply. Maybe later this
> year I'll understand PKCS#11 a little better.

Can you tell us what the device is and/or what engine you are trying
to use?

It sounds like an HSM - if it is, then it almost certainly supports
PKCS#11. Using a PKCS#11-enabled version of OpenSSH will most likely be
easier than trying to support every different OpenSSL engine that a
user might decide to use.

John
---
John Dickinson
More information about the openssh-unix-dev
mailing list